railsdog/spree_shipping_labels

Showing 288 of 288 total issues

Possible shell escape sequence injection vulnerability in Rack
Open

    rack (1.6.0)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-30123

Criticality: Critical

URL: https://groups.google.com/g/ruby-security-ann/c/LWB10kWzag8

Solution: upgrade to >= 2.0.9.1, ~> 2.0.9, >= 2.1.4.1, ~> 2.1.4, >= 2.2.3.1

CSRF Vulnerability in rails-ujs
Open

    actionview (4.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8167

Criticality: Medium

URL: https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0

Solution: upgrade to >= 5.2.4.3, ~> 5.2.4, >= 6.0.3.1

ReDoS based DoS vulnerability in Active Support’s underscore
Open

    activesupport (4.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22796

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

ReDoS based DoS vulnerability in GlobalID
Open

    globalid (0.3.6)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2023-22799

URL: https://github.com/rails/globalid/releases/tag/v1.0.1

Solution: upgrade to >= 1.0.1

Percent-encoded cookies can be used to overwrite existing prefixed cookie names
Open

    rack (1.6.0)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2020-8184

Criticality: High

URL: https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak

Solution: upgrade to ~> 2.1.4, >= 2.2.3

Possible XSS Vulnerability in Action View tag helpers
Open

    actionview (4.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-27777

Criticality: Medium

URL: https://groups.google.com/g/ruby-security-ann/c/9wJPEDv-iRw

Solution: upgrade to >= 5.2.7.1, ~> 5.2.7, >= 6.0.4.8, ~> 6.0.4, >= 6.1.5.1, ~> 6.1.5, >= 7.0.2.4

Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Open

    activerecord (4.2.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-44566

URL: https://github.com/rails/rails/releases/tag/v7.0.4.1

Solution: upgrade to >= 5.2.8.15, ~> 5.2.8, >= 6.1.7.1, ~> 6.1.7, >= 7.0.4.1

Update packaged dependency libxml2 from 2.9.10 to 2.9.12
Open

    nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-7rrm-v45f-jp64

Solution: upgrade to >= 1.11.4

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-16932

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.1

Nokogiri Command Injection Vulnerability via Nokogiri::CSS::Tokenizer#load_file
Open

    nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2019-5477

Criticality: Critical

URL: https://github.com/sparklemotion/nokogiri/issues/1915

Solution: upgrade to >= 1.10.4

Nokogiri gem, via libxml, is affected by DoS and RCE vulnerabilities
Open

    nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-9050

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/issues/1673

Solution: upgrade to >= 1.8.1

Inefficient Regular Expression Complexity in Nokogiri
Open

    nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-24836

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-crjr-9rc5-ghw8

Solution: upgrade to >= 1.13.4

Loofah XSS Vulnerability
Open

    loofah (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-16468

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/154

Solution: upgrade to >= 2.2.3

Out-of-bounds Write in zlib affects Nokogiri
Open

    nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-25032

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-v6gp-9mmm-c6p5

Solution: upgrade to >= 1.13.4

Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Open

    nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2017-15412

URL: https://github.com/sparklemotion/nokogiri/issues/1714

Solution: upgrade to >= 1.8.2

Loofah XSS Vulnerability
Open

    loofah (2.0.1)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2018-8048

Criticality: Medium

URL: https://github.com/flavorjones/loofah/issues/144

Solution: upgrade to >= 2.2.1

Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Open

    rails-html-sanitizer (1.0.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2022-23520

Criticality: Medium

URL: https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8

Solution: upgrade to >= 1.4.4

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs
Open

    nokogiri (1.6.6.2)
Severity: Minor
Found in Gemfile.lock by bundler-audit

httparty has multipart/form-data request tampering vulnerability
Open

    httparty (0.13.7)
Severity: Minor
Found in Gemfile.lock by bundler-audit

Advisory:

Criticality: Medium

URL: https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42

Solution: upgrade to >= 0.21.0

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Open

    nokogiri (1.6.6.2)
Severity: Critical
Found in Gemfile.lock by bundler-audit

Advisory: CVE-2021-41098

Criticality: High

URL: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-2rr5-8q37-2w7h

Solution: upgrade to >= 1.12.5